Unsecured Database Reveals Scope of Chinese Surveillance

According to a recent report, information from a leaked database revealed the extent to which China is tracking its citizens, particularly its Uyghur and Kazakh minorities.

The database contained the national ID card number, sex, nationality, address, birthdate, photos, past employers, and real-time data and locations of over 2.5 million people in Xinjiang, a region in western China home to large numbers of the nation’s Muslim ethnic minorities. The discovery highlighted the Chinese government’s reliance on facial recognition technology.

“It’s a ‘Muslim tracker’ funded by Chinese authorities in the province of Xinjiang to keep track of Uyghur Muslims,” tweeted Victor Gevers, a self-described hacker and researcher at the GDI.foundation. Gevers discovered the unsecured database on Shodan.io, an IoT-centric search engine that has been the source of many private sector and government data breaches.

The data itself originated from SenseNets Technology, a Chinese facial recognition company, and had been left completely unsecured for months before it was identified by Gevers. The deep trove of data had already been visited multiple times since its exposure and “ransacked” by at least one known hacker.

The company secured the database after being alerted by Gevers to its vulnerability, but accidentally exposed it again when trying to update a pirated version of Windows a few days later.